CVE-2024-35783
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Summary
A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022 SP1 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions < V2020 SP2 Update 5), SIMATIC Process Historian 2022 (All versions < V2022 SP1 Update 2), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SIMATIC BATCH V9.1 | 0 < * | affected |
| Siemens | SIMATIC Information Server 2020 | 0 < V2020 SP2 Update 5 | affected |
| Siemens | SIMATIC Information Server 2022 | 0 < V2022 SP1 Update 2 | affected |
| Siemens | SIMATIC PCS 7 V9.1 | 0 < V9.1 SP2 UC06 | affected |
| Siemens | SIMATIC Process Historian 2020 | 0 < V2020 SP2 Update 5 | affected |
| Siemens | SIMATIC Process Historian 2022 | 0 < V2022 SP1 Update 2 | affected |
| Siemens | SIMATIC WinCC Runtime Professional V18 | 0 < V18 Update 5 | affected |
| Siemens | SIMATIC WinCC Runtime Professional V19 | 0 < V19 Update 3 | affected |
| Siemens | SIMATIC WinCC V7.4 | 0 < * | affected |
| Siemens | SIMATIC WinCC V7.5 | 0 < V7.5 SP2 Update 18 | affected |
| Siemens | SIMATIC WinCC V8.0 | 0 < V8.0 Update 5 | affected |
Weaknesses
- CWE-250: CWE-250: Execution with Unnecessary Privileges
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.